Nmap Development mailing list archives
Re: Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option
From: "Duilio J. Protti" <dprotti () flowgate net>
Date: Wed, 31 Aug 2005 15:49:43 -0300
In fact, the problem is in function skip_range() in TargetGroup.cc:

    for (i = oct; i >= 0; i--) {
        if (current[i] < last[i]) {
            ....

The problem is that i is an unsigned int, so decrementing never reaches a negative value, but wraps around to the biggest unsigned int value. When this happens, i is obviously >= 0, the for loop is entered, and current[i] becomes an invalid reference to memory.

Attached is the patch.

Regards,
Duilio.

Aaron J. Bedra wrote:
Here's the run and backtrace followed by my gcc ver. Hope this helps.

Regards,
Aaron J. Bedra

/*-----------Begin gdb Output------------------------*/
(gdb) run -sP -PS --excludefile exclude.list 192.168.2.0/24
Starting program: /home/abedra/nmap-3.84ALPHA1/nmap -sP -PS --excludefile exclude.list 192.168.2.0/24

Starting nmap 3.84ALPHA1 ( http://www.insecure.org/nmap/ ) at 2005-08-31 12:56 EDT
Warning: File ./nmap-services exists, but Nmap is using /usr/local/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).

Program received signal SIGSEGV, Segmentation fault.
0x08082c48 in TargetGroup::skip_range (this=0x80f0fc0, octet=THIRD_OCTET) at TargetGroup.cc:342
342         current[i] = 0;
(gdb) backtrace
#0  0x08082c48 in TargetGroup::skip_range (this=0x80f0fc0, octet=THIRD_OCTET) at TargetGroup.cc:342
#1  0x08057485 in hostInExclude (checksock=0xbfffa540, checksocklen=16, exclude_group=0x80f0fc0) at targets.cc:1749
#2  0x0805249c in nexthost (hs=0x8101210, exclude_group=0x80f0fc0, ports=0x80d2450, pingtype=0x80ce658) at targets.cc:317
#3  0x0804e587 in nmap_main (argc=6, argv=0xbffff004) at nmap.cc:1034
#4  0x0804adde in main (argc=6, argv=0xbffff004, envp=0xbffff020) at main.cc:244
(gdb)
/*------------------------END---------------------------------*/

linux:/home/abedra/nmap-3.84ALPHA1 # gcc -v
Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.5/specs
Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada --disable-checking --libdir=/usr/lib --enable-libgcj --with-slibdir=/lib --with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux
Thread model: posix
gcc version 3.3.5 20050117 (prerelease) (SUSE Linux)
Attachment: nmap-excludefile.patch
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
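The following C program is an added illustration of the bug Duilio describes; it is not the attached patch (whose contents are not shown in this archive) and not Nmap's own code. It reproduces the unsigned-index wraparound with the dereference replaced by a bounds check, and shows one safe way to walk the octets downward while keeping the index unsigned. The arrays SAMPLE_CURRENT and SAMPLE_LAST, the OCTETS constant and all function names are constructed for the example and are not the names used in TargetGroup.cc.

```c
#include <limits.h>
#include <stdio.h>

#define OCTETS 4   /* an IPv4 address has four octets, index 0..3 */

/* Constructed sample data (not from the message): a "current" address whose
 * third octet is still below the "last" address, as an exclude-range walk
 * might see it. Assumed names; skip_range()'s real fields are not shown here. */
static const unsigned char SAMPLE_CURRENT[OCTETS] = {192, 168, 1, 255};
static const unsigned char SAMPLE_LAST[OCTETS]    = {192, 168, 2, 255};

/* Decrementing an unsigned zero is well-defined C: it wraps to UINT_MAX.
 * That value is still >= 0, which is why the condition "i >= 0" on an
 * unsigned i can never become false. */
unsigned int unsigned_decrement_wraps(void) {
    unsigned int i = 0;
    i--;
    return i;               /* UINT_MAX */
}

/* The loop shape from the message, with current[i] replaced by a bounds
 * check so it can run without faulting. Returns 1 at the point where the
 * original code would read current[i] outside the array. */
int buggy_loop_reaches_oob(unsigned int oct) {
    unsigned int i;
    for (i = oct; i >= 0; i--) {   /* gcc -Wextra warns: always true */
        if (i >= OCTETS)
            return 1;              /* original code would fault here */
    }
    return 0;                      /* never reached */
}

/* Corrected walk with the index still unsigned: "i-- > 0" tests the value
 * before decrementing, so the body sees oct, oct-1, ..., 0 and the loop ends
 * cleanly after the iteration where i was 0. Returns the highest octet index
 * (<= oct) whose current value is below its last value, or -1 if none. */
int highest_octet_below_last(const unsigned char current[OCTETS],
                             const unsigned char last[OCTETS],
                             unsigned int oct) {
    unsigned int i;
    if (oct >= OCTETS)
        return -1;                 /* reject a caller-supplied bad octet */
    i = oct + 1;
    while (i-- > 0) {
        if (current[i] < last[i])
            return (int)i;
    }
    return -1;
}

/* Runs the corrected walk over the constructed sample starting at octet 3. */
int demo_sample(void) {
    return highest_octet_below_last(SAMPLE_CURRENT, SAMPLE_LAST, OCTETS - 1);
}

int main(void) {
    printf("0u - 1 = %u (UINT_MAX = %u)\n", unsigned_decrement_wraps(), UINT_MAX);
    printf("buggy loop leaves the array: %d\n", buggy_loop_reaches_oob(2));
    printf("fixed loop: highest octet below last = %d\n", demo_sample());
    return 0;
}
```

Compiling with gcc -Wextra (which enables -Wtype-limits) flags the "i >= 0" comparison on an unsigned index as always true; that warning is the cheapest way to catch this class of loop before it reaches a test like the --excludefile run above.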
Current thread:
- Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option pijn trein (Aug 31)
- Re: Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option Aaron J. Bedra (Aug 31)
- Re: Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option Duilio J. Protti (Aug 31)
- Re: Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option Duilio J. Protti (Aug 31)
- Re: Segfault in 3.83DC1 and 3.84ALPHA1 using --excludefile option Aaron J. Bedra (Aug 31)